0

I'm trying to sign an XML file using a digital certificate issued by AD CS. For some reason, I'm getting the following error. "invalid algorithm specified". Where am I wrong?

The machine where the software is is not the same as the ADCS. And I have no way to validate the certificate via crl because the machine is disconnected from the internet. PS: I intend to bypass crl checks.

    private void signBtn_Click(object sender, EventArgs e)
    {
        XmlDocument doc = new XmlDocument();
        doc.Load(@"C:\urnaData\votes.xml");

        string pfxPath = @"C:\urnaData\Urna1.pfx";
        X509Certificate2 cert = new X509Certificate2(File.ReadAllBytes(pfxPath), "Olamundo2003");
        SignXmlDoc(doc, cert);
        Console.WriteLine(doc.OuterXml);
    }
    public static void SignXmlDoc(XmlDocument doc, X509Certificate2 cert)
    {
        SignedXml signedXml = new SignedXml(doc);
        signedXml.SigningKey = cert.PrivateKey;
        Reference reference = new Reference();
        reference.Uri = "";
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);

        KeyInfo keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert));

        signedXml.KeyInfo = keyInfo;
        signedXml.ComputeSignature();
        XmlElement xmlSig = signedXml.GetXml();

        doc.DocumentElement.AppendChild(doc.ImportNode(xmlSig, true));
    }

Img 1

Img 2

tomas
  • 339
  • 1
  • 2
  • 14
  • I added the following lines: AppContext.SetSwitch("Switch.System.Security.Cryptography.Xml.UseInsecureHashAlgorithms", true); AppContext.SetSwitch("Switch.System.Security.Cryptography.Pkcs.UseInsecureHashAlgorithms", true); Now it's working. Does this mean my certificates are insecure? – tomas Oct 01 '22 at 17:45
  • use `cert.GetRSAPrivateKey()` instead of `cert.PrivateKey`, and I bet the error goes away. – bartonjs Oct 01 '22 at 19:04

0 Answers0